package cn.adelyn.base.gateway.filter;

import cn.adelyn.base.secureweb.xss.XssWrapper;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.annotation.WebFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;

import java.io.IOException;

/**
 * @author chengze
 * @date 2022/12/19
 * @desc 一些简单的安全过滤： xss
 */
@WebFilter(filterName = "xssFilter")
@Order(Ordered.HIGHEST_PRECEDENCE)
@Component
@Slf4j
public class XssFilter implements Filter {

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse resp = (HttpServletResponse) response;

		// replaceAll("[\r\n]" =》 Potential CRLF Injection for logs
//		log.info("AuthFilter RequestURI :{}", req.getRequestURI().replaceAll("[\r\n]",""));
		// xss 过滤
		chain.doFilter(new XssWrapper(req), resp);
	}
}
